Information Security - Incident Reporting Portal

Frequently Asked Questions

Archer GRC (Governance, Risk, Compliance) Incident Reporting Portal

What is the Archer GRC Incident Reporting Portal?

The Archer GRC Incident Reporting Portal addresses security incident and event reporting requirements for state agencies and institutions of higher education. Each agency and institute of higher education is responsible for assessing the significance of a security incident within its organization and for providing a report to DIR based on the business impact on affected resources and the current and potential technical effect of the incident (e.g., loss of revenue, productivity, access to services, reputation, unauthorized disclosure of confidential information, or propagation to other networks).

Is incident reporting a monthly requirement?

Yes. Administrative Rules (1 TAC 202.23/1 TAC 202.73 state: Reports must be sent to DIR on a monthly basis, no later than the nine calendar days after the end of the month. Information shall be reported in the form and manner specified by DIR.

If an agency or institute of higher education does not report after the required date, it will be required to include the information in the next month's report and make note of such submission in the Comments section of the report.

What defines a security incident or event?

An incident is an adverse event in or affecting an information system, network, and/or workstation, or the threat of the occurrence of such an event.

An event is any observable occurrence in a system, network, and/or workstation. Although natural disasters and other non-security-related disasters (power outages) are also called events, the reporting requirements are for IT-security-related events only. A planned outage is NOT considered an incident or event.

How and when are critical incidents reported?

Security incidents that are critical in nature and have a substantial likelihood of being propagated to other systems beyond the control of the agency, should be reported to DIR within 24 hours (in addition to being included in monthly reporting)

For emergency notifications or initial reporting of security incidents meeting 1 TAC 202 criteria, you may use the Archer GRC Incident Reporting Portal or call DIR's Computer Security Incident Response Team (CSIRT) at 512-350-3282. The phone is answered 24 hours a day, 7 days a week.

Is the data collected confidential?

Yes. The data collected is not shared with other reporting entities, it is treated as confidential in accordance with TGC 2059. DIR provides trending reports and metrics to the Legislature during session.

How are user accounts and credentials obtained?

The requesting agency or institution’s Information Resource Manager (IRM) or Information Security Officer (ISO) can submit a support request form through the Archer GRC Incident Reporting Portal.